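---
# Creates the client cephx keyrings and Ceph pools from one client node, then
# distributes the keyrings to the remaining clients and applies modes and ACLs.
#
# Security notes:
# - Tasks that carry key material in their arguments or loop items set
#   `no_log: true`, because Ansible prints loop items (here: secrets and
#   base64-encoded keyrings) in task output.
# - Loops over `keys` that only need the key name use `loop_control.label`
#   so the full item (which may include `key`) is not echoed at default
#   verbosity.

# The helper container bind-mounts the keyring directory and is removed by the
# "kill a dummy container" task below. If the play aborts in between, the
# container is left behind under the fixed name `ceph-create-keys`.
- name: run a dummy container (sleep 300) from where we can create pool(s)/key(s)
  command: >
    docker run \
    -d \
    -v {{ ceph_conf_key_directory }}:{{ ceph_conf_key_directory }} \
    --name ceph-create-keys \
    --entrypoint=sleep \
    {{ ceph_docker_registry}}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }} \
    300
  changed_when: false
  run_once: true
  when: containerized_deployment

- name: set docker_exec_client_cmd for containers
  set_fact:
    docker_exec_client_cmd: "docker exec ceph-create-keys"
  run_once: true
  when: containerized_deployment

# `==` rather than `in`: the right-hand side is a single hostname string, so
# `in` would be a substring match. `[]` as the default keeps the lookup from
# failing on a missing group. Same form as the "get client cephx keys" task.
- name: create cephx key(s)
  ceph_key:
    state: present
    name: "{{ item.name }}"
    caps: "{{ item.caps }}"
    secret: "{{ item.key | default('') }}"
    containerized: "{{ docker_exec_client_cmd | default('') }}"
    cluster: "{{ cluster }}"
    dest: "{{ ceph_conf_key_directory }}"
  with_items: "{{ keys }}"
  run_once: true
  # item.key is the cephx secret; keep it out of task output and logs.
  no_log: true
  when:
    - cephx
    - keys | length > 0
    - inventory_hostname == groups.get(client_group_name, []) | first

- name: slurp client cephx key(s)
  slurp:
    src: "{{ ceph_conf_key_directory }}/{{ cluster }}.{{ item.name }}.keyring"
  with_items:
    - "{{ keys }}"
  register: slurp_client_keys
  run_once: true
  # The result holds the base64-encoded keyring content.
  no_log: true
  when:
    - cephx
    - keys | length > 0
    - inventory_hostname == groups.get(client_group_name, []) | first

# NOTE(review): pg_num falls back to the monitor's osd_pool_default_pg_num, but
# pgp_num falls back to item.pg_num, which is undefined when pg_num is omitted.
# Confirm the intended behaviour for pools that set neither.
- name: create ceph pool(s)
  command: >
    {{ docker_exec_client_cmd | default('') }} ceph --cluster {{ cluster }}
    osd pool create {{ item.name }}
    {{ item.get('pg_num', hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num']) }}
    {{ item.pgp_num | default(item.pg_num) }}
    {{ item.rule_name | default("replicated_rule") }}
    {{ item.type | default("replicated") }}
    {%- if item.type | default("replicated") == 'erasure' and item.erasure_profile != '' %}
    {{ item.erasure_profile }}
    {%- endif %}
    {{ item.expected_num_objects | default('') }}
  with_items: "{{ pools }}"
  changed_when: false
  run_once: true
  when:
    - pools | length > 0
    - copy_admin_key
    - inventory_hostname == groups.get(client_group_name, []) | first

- name: kill a dummy container that created pool(s)/key(s)
  command: docker rm -f ceph-create-keys
  changed_when: false
  run_once: true
  when: containerized_deployment

# Writes the slurped keyrings on every client except the first one.
- name: get client cephx keys
  copy:
    dest: "{{ item.source }}"
    content: "{{ item.content | b64decode }}"
    # Apply the configured mode when the file is created, so the keyring is
    # not left at the umask default until the chmod task runs. With no mode
    # configured the argument is omitted and behaviour is unchanged.
    mode: "{{ item.item.mode | default(omit) }}"
  with_items:
    - "{{ slurp_client_keys.results }}"
  # Each loop item carries the keyring content.
  no_log: true
  when:
    - not item.get('skipped', False)
    - not inventory_hostname == groups.get(client_group_name, []) | first

- name: chmod cephx key(s)
  file:
    path: "{{ ceph_conf_key_directory }}/{{ cluster }}.{{ item.name }}.keyring"
    # if mode not in list, uses mode from ps umask
    mode: "{{ item.mode|default(omit) }}"
  with_items: "{{ keys }}"
  loop_control:
    # Print only the key name; the full item may include the secret.
    label: "{{ item.name }}"
  when:
    - cephx
    - keys | length > 0

- name: setfacl for cephx key(s)
  acl:
    path: "{{ ceph_conf_key_directory }}/{{ cluster }}.{{ item.0.name }}.keyring"
    entry: "{{ item.1 }}"
    state: present
  with_subelements:
    - "{{ keys }}"
    - acls
    - skip_missing: true
  loop_control:
    # Print only the key name; item.0 may include the secret.
    label: "{{ item.0.name }}"
  when:
    - cephx
    - keys | length > 0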